DLP Implemented in SaaS environment

How DLP should be implemented in various SaaS solutions?

A bullet point response would be great.

Kalonji GuilloryAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
We can look at 3 type of deployment:
  1. - Via an endpoint agent embedded in the cloud instance or the hypervisor,
  2. - Via routing traffic through a dedicated DLP server or appliance outside the cloud, or
  3. - Via running a cloud instance of a DLP server and routing traffic through it.

You should engage your DLP vendor as they would have scale out to the cloud capabilities - for those Enterprise DLP
  • - I tends to see it is likely a on premise and cloud based hybrid mixed
  • - Above options can all be applicable depending where your asset are and exchanging data across the platform.

Some suggestion to checks and considerations for your on premise enhancement to connect to the cloud
  1. - Identify the chokepoint (egress/ingress) points to the cloud.
  2. - Segregate the segment with has external connection. Maybe like DMZ to internet. Can be another private leased network
  3. - Check connectivity to the cloud subscribed or managed under you oversight
  4. - Assess the secure channel posture e.g. VPN for point to point secure channel to the Cloud infrastructure
  5. - Implement a CASB  (cloud access security broker) as your bouncer to inspect all traffic traversing in and out of this network
  6. - Prior to CASB inspection, need to decrypt as secure (e.g. TLS) connection to the internet or external network
  7. - Manage the cloud portal access on the traffic bandwidth
  8. - Have a SOC or IT Ops team watching over the alert from CASB  for response
  9. - Need regular scan on the network and connection for any vulnerability and keep it updated in security patches

Other considerations,
  • - If you are on public cloud, you are unlikely to restrict network routing to the degree with DLP offers on premise
  • - Hence rely more on an agent-based approach to put into cloud instance and endpoint (allowed to connect to cloud).
  • - Move to private or virtual private clouds, so you have more control similar to on premise DLP
  • - Main thing to gain control to lock down traffic and endpoint so that DLP can still be deployed and be monitored.

Below would be the portfolio of the services to be managed
  1. Endpoint DLP as a Service - with Application Control
  2. Network DLP as a Service
  3. Data Discovery with Data Classification as a Service
  4. Cloud DLP as a Service
  5. Information / Digital Rights Management as a Service

Specific to capability, you should be asking for
  1. Content- and context-aware monitoring and inspection policies
  2. Detailed activity logging and reporting
  3. Device-level control
  4. Auditing, alerting, prompting, blocking, and removing remediation actions
  5. Encryption of sensitive data prior to cloud upload
  6. API integration with cloud storage providers to extend data security policy enforcement to the cloud
Some possible provider include Digital Guardian, Symantec, GTB Tech


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.